Rob,
Just a tip
If you have VirtualBox or VMware, throw a Manager on there and use it to
test your rules and decoders. You can just paste the log into
ossec-logtest. It will sure save you a lot of heartache when
troubleshooting.
Hope that helps
On Monday, April 25, 2016 at 10:13:13 AM
Tahir,
There are two scans which run; depending on the size of your environment,
this can take some time (in your case 30 min).
1) rootcheck
2) syscheck
This configuration is located in your ossec.conf:
79200
If you have changed the frequency or forced the scan and noticed it is
The website http://documentation.wazuh.com/en/latest/about.html should be
able to answer most of your questions. It has instructions on the
installation processes.
On Tuesday, April 26, 2016 at 3:19:43 PM UTC-4, Dennis Golden wrote:
>
> Over the past several years, I have submitted diffs for
Interesting... that should be the only config that you need to update in
order to disable the root check. I tried it in my lab and disabled it
properly as well.
On Sunday, April 17, 2016 at 4:56:15 AM UTC-4, eyal gershon wrote:
>
> I checked again the logs -
>
> 2016/04/16 18:37:27